|
|
Пишет LWN.net (![[info]](http://lj.rossia.org/img/syndicated.gif){kind=small} syn_lwnheadline)@ 2019-01-23 18:15:00 |
 |
|
 |
|
|
|
|
|
|
 |
|
 |
Justicz: Remote Code Execution in apt/apt-get
Max Justicz describes a
vulnerability in apt-get and how to prevent it. "I found a
vulnerability in apt that allows a network man-in-the-middle (or a
malicious package mirror) to execute arbitrary code as root on a machine
installing any package. The bug has been fixed in the latest versions of
apt. If you’re worried about being exploited during the update process, you
can protect yourself by disabling HTTP redirects while you update."
Max Justicz describes a
vulnerability in apt-get and how to prevent it. "I found a
vulnerability in apt that allows a network man-in-the-middle (or a
malicious package mirror) to execute arbitrary code as root on a machine
installing any package. The bug has been fixed in the latest versions of
apt. If you’re worried about being exploited during the update process, you
can protect yourself by disabling HTTP redirects while you update."
